Sat. May 14, 2022

Weekly Update 295

Troy Hunt

A short one this week as the previous 7 days disappeared with AusCERT and other commitments. Geez it was nice to not only be back at an event, but out there socialising and attending all the related things that tend to go along with it. I'll leave you with this tweet which was a bit of a highlight for me, having Ari alongside me at the event and watching his enthusiasm being part of the industry I love 😊 At #AusCERT with Ari for “take your son to work” day 🙂 I&

Upcoming Speaking Engagements

Schneier on Security

This is a current list of where and when I am scheduled to speak: I’m speaking on “Securing a World of Physically Capable Computers” at OWASP Belgium’s chapter meeting in Antwerp, Belgium, on May 17, 2022. I’m speaking at Future Summits in Antwerp, Belgium, on May 18, 2022. I’m speaking at IT-S Now 2022 in Vienna, Austria, on June 2, 2022. I’m speaking at the 14th International Conference on Cyber Conflict, CyCon 2022, in Tallinn, Estonia, on June 3, 2022.

Angry IT admin wipes employer’s databases, gets 7 years in prison

Bleeping Computer

Han Bing, a former database administrator for Lianjia, a Chinese real-estate brokerage giant, has been sentenced to 7 years in prison for logging into corporate systems and deleting the company's data. […]

Ransomware is Indiscriminatory – Prepare for Everything to Fail

Security Boulevard

Ransomware attacks continue to grow in frequency. In the past 12 months, 76% of organizations have been affected by ransomware attacks, constituting a 15% YoY rise according to Veeam’s Data Protection Trends Report 2022. As well as being more common, ransomware is also getting more potent. When businesses are struck by ransomware, they are unable […]

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

The LEGION collective calls to action to attack the final of the Eurovision song contest

Security Affairs

The Pro-Russian volunteer movement known as LEGION is calling for DDoS attacks against the final of the Eurovision song contest. LEGION is a Pro-Russian volunteer movement that focuses on DDoS attacks. The group made the headlines for attacks against Western organizations and governments, including NATO countries and Ukraine. This week the Pro-Russian hacker groups Killnet and Legion targeted the websites of several Italian institutions, including the senate and the National Institute

This Week in Malware—Malicious Rust crate, ‘colors’ typosquats

Security Boulevard

This Week in Malware digest was delayed by a day in light of a significant announcement on Friday from Sonatype's CTO Brian Fox. The announcement details Sonatype's participation in an ongoing conversation led by the Open Source Security Foundation (OpenSSF) that unites the industry, open source communities, and government officials in solving the big OSS security problem.

How to Turn a Coke Can Into an Eavesdropping Device

Dark Reading

Cyber-researchers are testing the bounds of optical attacks with a technique that allows attackers to recover voice audio from meetings if there are shiny, lightweight objects nearby.

Pro-Russian hacktivists target Italy government websites

Security Affairs

Pro-Russian hacker group Killnet targeted the websites of several Italian institutions, including the senate and the National Institute of Health. A group of Pro-Russian hackers known as “Killnet” launched an attack against multiple websites of several Italian institutions, including the senate, the National Institute of Health, and the Automobile Club d’Italia (ACI), the national drivers’ association.

Microsoft fixes new PetitPotam Windows NTLM Relay attack vector

Bleeping Computer

A recent security update for a Windows NTLM Relay Attack has been confirmed to be a previously unfixed vector for the PetitPotam attack. […]

Get Lifetime Access to 2022 Cybersecurity Certification Prep Courses @ 95% Off

The Hacker News

Ever thought about working full-time in cybersecurity? With millions of unfilled jobs around, now is a great time to get into the industry. Of course, there are many different roles in this field. But all of them require the same handful of professional certifications.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

OWASP® Global AppSec US 2021 Virtual – Ronen Slavin’s ‘Analyzing Google’s SLSA Framework For Securing Software Supply Chains’

Security Boulevard

Our thanks to both the OWASP® Foundation and the OWASP Global AppSec US 2021 Virtual Conference Presenters for publishing their well-crafted application security videos on the organization’s YouTube channel. Permalink. The post OWASP® Global AppSec US 2021 Virtual – Ronen Slavin’s ‘Analyzing Google’s SLSA Framework For Securing Software Supply Chains’ appeared first on Security Boulevard.

The NSA Swears It Has ‘No Backdoors’ in Next-Gen Encryption

WIRED Threat Level

Plus: New details of ICE’s dragnet surveillance in the US, Clearview AI agrees to limit sales of its faceprint database, and more.

How To Start An Insurance Business In 2022

SecureBlitz

Learn how to start an insurance business in 2022 in this post. If you are looking for a recession-proof business, entering the insurance industry is the right choice. Insurance is an essential part of life for the majority of Americans. They need insurance for their businesses, have sufficient finances to look after their family’s unforeseen. The post How To Start An Insurance Business In 2022 appeared first on SecureBlitz Cybersecurity.

Crypto robber who lured victims via Snapchat and stole £34,000 jailed

Bleeping Computer

Online crypto scams and Ponzi schemes leveraging social media platforms are hardly anything new. But this gruesome case of a London-based crypto robber transcends the virtual realm and tells a shocking tale of real-life victims from whom the perpetrator successfully stole £34,000. […]

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

XKCD ‘Crêpe’

Security Boulevard

via the comic artistry and dry wit of Randall Munroe, resident at XKCD! Permalink. The post XKCD ‘Crêpe’ appeared first on Security Boulevard.

OpRussia update: Anonymous breached other organizations

Security Affairs

Another week has passed and Anonymous has hacked other Russian companies and leaked their data via DDoSecrets. The #OpRussia campaign launched by Anonymous against Russia after the criminal invasion of Ukraine continues; the collective claims to have hacked multiple organizations and government entities. The hacktivists leaked the stolen data via DDoSecrets. Below is the list of organizations breached this week by Anonymous: SOCAR Energoresource operates the Antipinsky Refinery and several oilfields.

Security BSides Sofia 2022 – Bozhidar Bozhanov, Minister Of e-Government, Republic Of Bulgaria ‘Keynote’

Security Boulevard

Our thanks to Security BSides Sofia for publishing their presenters’ superb Security BSides Sofia 2022 security videos on the organization’s YouTube channel. Permalink. The post Security BSides Sofia 2022 – Bozhidar Bozhanov, Minister Of e-Government, Republic Of Bulgaria ‘Keynote’ appeared first on Security Boulevard.

What actually drives information security?

Notice Bored

The 'obvious' driver for information security is information risk: valuable yet vulnerable information must be secured/protected against anything that might compromise its confidentiality, integrity or availability, right? Given an infinite array of possible risks and finite resources to address them, information risk analysis and management techniques help us scan the risk landscape for things that stand out - the peaks - and so we play whack-a-mole, attempting to level the field through mitiga

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

LDAPSearch Reference

Security Boulevard

ldapsearch is an extremely powerful tool, especially for Windows Active Directory enumeration. It’s one of my primary tools when performing pentesting or red teaming against an environment with Active Directory, but it also comes in quite handy to know, as many times it comes installed by default or as part of a base image, so it’s a bit Living-Off-The-Land-esque.